Secure Mobile Access 12.4 Administration Guide
Table of Contents
Auditing Connection Status Messages
The network proxy/tunnel audit log includes a connection status code that is often useful in debugging
client/server connection problems. The status code is the field immediately following the destination-ip:port
field in the log file (see Network Tunnel Audit Log for a description of an entire log file entry). the Connection
status codes table describes each code.
| Connection status code | Description |
| 0 | Successful connection attempt with no errors encountered |
| 1 | Client presented an invalid TEAM credential |
| 2 | Couldn't send TEAM request to client, error in tunnel auth exchange, or error in PS auth exchange |
| 3 | Tunnel protocol at client is below minimum supported by appliance |
| 4 | TP error, or unsupported feature requested |
| 5 | Session sat idle longer than allowed by configuration or defaults |
| 6 | Tunnel pools have no addresses available |
| 9 | No tunnel internal address (bad cfg); realm_list (shouldn't happen) problem; client rejected resource list |
| 10 | Client version mismatch |
| 11 | All available tunnel pool addresses conflict with the client's networking environment in fatal ways |
| 12 | Special error to client indicating it should attempt a resume immediately |
| 65535 | Permission denied |
| 65524 | Out of memory |
| 65520 | System busy, session dropped |
| 65514 | Internal inconsistency, unexpected condition encountered |
| 65504 | Tunnel service aborted |
| 65432 | Connection reset by peer |
| 65429 | Not connected (internal error) |
| 65428 | Tunnel service shutdown |
| 65426 | Timeout (not necessarily an error, esp. for UDP flows) |
| 65279 | No authentication method |
| 65278 | Authentication failed (for example, the user entered an invalid username/password) |
| 65277 | Authentication I/O fail |
| 65276 | Authentication quiet fail |
| 65275 | Lost client connection |
| 65274 | Cannot load module |
| 65273 | Not authorized (for example, access denied due to policy) |
| 65272 | Encrypt failure |
| 65271 | Unknown failure |
Examples
If a user enters an invalid username/password, error number 65535 appears in the log:
192.168.2.69:3127 ssl "testing" "26/Feb/2017:21:31:51.947 +0000" none -:- 65535 385 0 14
352711-01-521146-5
If a timeout occurred, the message contains error number 65426:
192.168.2.69:3127 ssl "testing" "26/Feb/2017:21:31:51.947 +0000" none -:- 65426 385 0 1
352711-01-521146-5
All tunnel traffic originating from the client and destined for the Internet (running in redirect-all mode) is routed
through an IP address you specify on the Configure Network Tunnel Service page in AMC (Enable route to
Internet). If this route to the Internet is not available, you’ll see a connection status code of 65504:
151.219.76.85:4827 - "(l248411)@(Radius)" "26/Jun/2016:17:54:14.916 +0000" 1.1 Flow:TCP
165.170.0.1:1503 65504 0 0 60 352711-01-521146-5